uniqueusername uniqueusername - 3 years ago 173
Node.js Question

Prevent user from injecting javascript/markup into element

I'm attempting to write a chat server and I've come across the issue that if someone puts markup in their messages e.g.

then the message will send with bold text. Someone could take it further by putting scripts in their message. I'm not sure how I can avoid this.

Answer Source

You need to filter your input to take out unwanted tags. There really isn"t much else to it.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download